package com.cskaoyan.configuration.shiro;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

/**
 * @author stone
 * @date 2023/06/16 10:23
 */
@Configuration
public class ShiroConfiguration {

    /**
     * 注册ShiroFilter组件
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/unauthc");
        // 配置 内部的有序的Filter的映射范围
        // 1. Filter是谁  → Filter名称：anon、authc、perms → map的value
        // 2. Filter作用范围是什么 → url → map的key
        // 3. Filter之间的顺序是什么 → LinkedHashMap
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        //
        filterChainDefinitionMap.put("/wx/home/index","anon");
        filterChainDefinitionMap.put("/wx/goods/count","anon");
        filterChainDefinitionMap.put("/wx/category/list","anon");
        filterChainDefinitionMap.put("/wx/coupon/list","anon");
        // 通常用于登录的请求会设置为匿名
        filterChainDefinitionMap.put("/wx/auth/login","anon");
        //filterChainDefinitionMap.put("/wx/user/index","anon");
        //filterChainDefinitionMap.put("/wx/**","authc");

        // 给对应的请求 添加Filter → 上锁
        // 要访问对应的请求，就需要判断是否有权限 → 要从realm中的方法获得权限
        // subject.isPermitted("order:list") 如果为true 就能访问/wx/order/list
        // filterChainDefinitionMap.put("/wx/order/list","perms[order:list]");
        // filterChainDefinitionMap.put("/wx/cart/list","perms[cart:list]");
        // filterChainDefinitionMap.put("/wx/user/list","perms[user:list]");



        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    /**
     * SecurityManager组件
     */
    @Bean
    public DefaultWebSecurityManager securityManager(Realm marketRealm, DefaultWebSessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 可以使用默认的认证器和默认的授权器，也可以自己提供
        // 默认的认证器 ModularRealmAuthenticator
        // 默认的授权器 ModularRealmAuthorizer
        //securityManager.setAuthenticator();
        //securityManager.setAuthorizer();
        // 提供的Realm会做为默认的认证器和授权器里的成员变量
        // 认证器做认证的时候会使用到Realm提供的方法
        // 授权器做授权的时候会使用到Realm提供的方法
        securityManager.setRealm(marketRealm);
        securityManager.setSessionManager(sessionManager);
        return securityManager;
    }

    // 切面 → 切入点（注解）和 通知（增加ShiroFilter里的Filter）
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}